testing-for-xml-injection-vulnerabilities

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: CRITICAL | COMMAND_EXECUTION | DATA_EXFILTRATION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides bash curl commands and a Python script using the requests library to interact with and test XML-processing endpoints.
  • [DATA_EXFILTRATION]: Contains specific XML External Entity (XXE) payloads designed to retrieve sensitive data, such as /etc/passwd or cloud provider metadata, from a user-specified target server.
  • [EXTERNAL_DOWNLOADS]: Documents and demonstrates the use of remote Document Type Definitions (DTDs) to facilitate blind XXE testing and data exfiltration.
  • [SAFE]: The identified security-testing behaviors are consistent with the skill's primary purpose and are directed at target infrastructure defined by the user during authorized security assessments.
Recommendations
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 15, 2026, 01:52 PM